Telstra customers are advised to be on their guard, as a new phishing email scam purporting to be from the company is currently hitting inboxes.

MailGuard intercepted the fraudulent emails this afternoon (AEST). Masquerading as ‘new bill’ notifications, the emails use the display name ‘Telstra’ and were sent from a large number of compromised email accounts. The sending addresses and the links within the email all belong to the same collection of compromised domains.

The body of the email is relatively simple and uses plain text to advise recipients that their latest Telstra bill is now ready to be viewed. A link for "View Bill" is provided in the email.

Here is a screenshot of the email:

Unsuspecting recipients who click on the link to view their bill are led to a blank webpage that serves up a malicious file download.

While this scam isn’t as sophisticated in design as others that MailGuard has seen, the cybercriminals do use several elements within the email body to convince recipients that it is a legitimate notification from Telstra. A key feature is the inclusion of the sentence ‘Please note: Telstra will never ask you to provide credit card, or banking details via email.’

This disclaimer, along with the included link to the telecommunications company’s phishing advisory page, boosts the credibility of the email, as it is a common feature that recipients are used to seeing in legitimate notifications from Telstra.

With its large customer base and established brand credibility, Telstra is an ideal company for cybercriminals to spoof, as it widens their victim pool.

Update: MailGuard intercepted another email scam brandjacking Telstra later that week. This email scam utilises the same techniques to scam unsuspecting recipients. Watch the below video to find out more about these two scams:

Telstra Takes Security Seriously

Telstra has been targeted by brandjacking before, and they caution their customers to verify Telstra emails are authentic. On their support page they advise:

Hoax emails may:
- Be unaddressed, or addressed generically to Dear Customer
- Be badly written with broken sentences, spelling mistakes and grammatical errors
- Show a sender address that is very close to the real company's address
- Display a suspicious looking URL when you hover over links or buttons you're asked to click
- Contain an unexpected zip file or other attachment

Tell-tale signs of phishing scams

A sense of urgency

Bad grammar or misuse of punctuation and poor-quality or distorted graphics

An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
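The two signs above that can be checked mechanically (a sender address that does not belong to the brand named in the display name, and a call-to-action link that points somewhere other than the brand's own domains) can be turned into a simple triage check. The following is an added example written for this post, not MailGuard's or Telstra's code; the sample message is constructed to mirror the pattern described (display name ‘Telstra’, sender and ‘View Bill’ link on an unrelated domain, genuine Telstra advisory link included for credibility), and the allow-list of legitimate Telstra domains is an assumption for the example.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example (not a real intercepted email).
# The display name claims "Telstra", but the sending address and the
# "View Bill" link sit on an unrelated domain; a real Telstra advisory link
# is included, as in the scam described above.
SAMPLE_EMAIL = """\
From: Telstra <billing@example-compromised.net>
To: customer@example.com
Subject: Your new bill is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your latest Telstra bill is now ready to be viewed.</p>
<p><a href="http://example-compromised.net/bill/">View Bill</a></p>
<p>Please note: Telstra will never ask you to provide credit card, or banking details via email.</p>
<p><a href="https://www.telstra.com.au/consumer-advice/cyber-safety">Phishing advice</a></p>
</body></html>
"""

# Assumed allow-list of domains the brand legitimately sends from and links
# to. A real deployment would maintain this list from the brand's own guidance.
LEGIT_DOMAINS = {"telstra.com.au", "telstra.com"}
BRAND_WORDS = ("telstra",)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def is_legit_host(host):
    """True if host is one of the allow-listed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def parse_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return collector.links


def analyse(raw):
    """Return a list of findings describing why the message looks like a hoax."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg["From"] or "")
    from_host = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    claims_brand = any(w in display.lower() for w in BRAND_WORDS)
    # Sign 1: display name names the brand, but the sending domain is not the brand's.
    if claims_brand and not is_legit_host(from_host):
        findings.append(f"display name '{display}' but sender domain is {from_host}")
    # Lookalike sender domain (contains the brand word without being allow-listed).
    if any(w in from_host for w in BRAND_WORDS) and not is_legit_host(from_host):
        findings.append(f"lookalike sender domain {from_host}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in parse_links(html):
        host = urlparse(href).hostname or ""
        # Sign 2: a link the reader is asked to click resolves outside the brand's domains.
        if not is_legit_host(host):
            findings.append(f"link '{text}' points to {host}")
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EMAIL):
        print("SUSPICIOUS:", f)
```

On the constructed sample this flags the sender domain mismatch and the ‘View Bill’ link, while the genuine Telstra advisory link is not reported, which is the point: the presence of one legitimate link is no evidence the message is genuine, so the check reports every off-brand link rather than requiring all links to be bad.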

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au